CN103077337A - Method and device for verifying user rights - Google Patents


Info

Publication number
CN103077337A
Authority
CN
China
Prior art keywords
user
role identification
role
operational order
current operation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013100080196A
Other languages
Chinese (zh)
Other versions
CN103077337B (en
Inventor
赵保卫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang Mobile Communications Equipment Co Ltd filed Critical Datang Mobile Communications Equipment Co Ltd
Priority to CN201310008019.6A priority Critical patent/CN103077337B/en
Publication of CN103077337A publication Critical patent/CN103077337A/en
Application granted granted Critical
Publication of CN103077337B publication Critical patent/CN103077337B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of information security and discloses a method and a device for verifying user rights. The method comprises the following steps: S1, establishing a file that associates operation command identifiers with role identifiers; S2, before a user executes the current operation command, first judging whether the user is a custom user; if so, allocating rights to the custom user and, according to the allocated rights, adding a role identifier associated with the corresponding operation command identifier to the file established in step S1; otherwise, judging whether the user is an administrator user; if so, executing the current operation command and then ending; otherwise, going to step S3; and S3, judging, according to the user name and the file associating operation command identifiers with role identifiers, whether the current operation command is allowed to be executed, and if so, executing the current operation command and then ending. With the file that associates operation command identifiers with role identifiers set up in advance, whether the user is allowed to execute the current operation command can be judged quickly from the user name.

Description

Method and device for verifying user rights
Technical field
The present invention relates to the field of information security technology, and in particular to a method and device for verifying user rights.
Background art
At present, when different types of users operate a computer, the rights for their operations must be verified according to each user's role. For example, an administrator user may perform any operation on the computer. For users whose rights are fixed, such as maintenance users and ordinary users, the role must be identified from the user name, and the corresponding operation rights are then identified from the role. For a custom user, whose rights are temporarily allocated by the administrator user, rights must first be allocated, and it is then judged from the user name whether the operation to be performed is within the allocated rights. The flow of this rights verification is shown in Fig. 1.
In the rights verification process for the different user types shown in Fig. 1, the current user's user name is generally used as an index to obtain the role identifier for that user name from the user role table; the role identifier is then used to obtain the table identification information for the user's rights from the user rights identification table; the table identification information is used to obtain the user's rights information from the corresponding user rights table; and the rights information obtained is used to judge whether the operation the current user is about to perform is within the user's rights.
It can be seen that the whole verification process obtains the user's rights information using the user name as an index in order to judge whether the current operation may be performed. This method has to search several tables, including the user role table, the user rights identification table and the user rights table. The design involves many steps and takes a long time, so the current user waits a long time during verification and the user experience is poor. Furthermore, in the prior art all three tables are stored in a database, which has limited capacity and is inconvenient to read and write.
Summary of the invention
(1) Technical problem to be solved
The technical problem that the present invention first sets out to solve is how to shorten the time taken to verify a user's rights before the user operates the computer.
(2) Technical solution
To solve the above technical problem, the invention provides a method for verifying user rights, comprising the following steps:
S1: establishing a file that associates operation command identifiers with role identifiers, wherein the role identifiers associated with an operation command identifier are the role identifiers of all users who have the right to execute the operation command corresponding to that operation command identifier;
S2: before a user executes the current operation command, first judging whether the user is a custom user; if so, allocating rights to the custom user, adding, according to the allocated rights, the role identifier associated with the corresponding operation command identifier to the file established in step S1, and then going to step S3; otherwise, judging whether the user is an administrator user; if the user is an administrator user, the administrator user executes the current operation command and the process ends; if the user is not an administrator user, going to step S3;
S3: judging, according to the user name and the file associating operation command identifiers with role identifiers, whether execution of the current operation command is allowed; if so, executing the current operation command and then ending; otherwise, ending.
Preferably, step S3 is specifically: looking up the role identifier according to the user name, and looking up, in the file associating operation command identifiers with role identifiers, the operation command identifier corresponding to the current operation command; then judging whether the role identifier found according to the user name is present among all the role identifiers associated with the operation command identifier found; if so, executing the current operation command and then ending; otherwise, not allowing the current operation command to be executed.
Preferably, the file associating operation command identifiers with role identifiers has a tree structure, in which operation command identifiers are parent nodes and role identifiers are child nodes.
Preferably, the file associating operation command identifiers with role identifiers is an XML file.
Preferably, in step S3, the role identifier is looked up in the user role table according to the user name.
Preferably, in step S2, if the user is judged to be a custom user, then when the role identifier associated with the corresponding operation command identifier is added, the corresponding user name is also added to the user role table.
Preferably, the role identifier of a custom user is two-dimensional information comprising custom user role information and user name information.
Preferably, in the file established in step S1, the role identifiers corresponding to the operation command identifiers include the role identifiers of users other than the administrator user and custom users.
The invention provides a device for verifying user rights, comprising:
An association establishing unit, configured to establish the file associating operation command identifiers with role identifiers and, when the role judging unit judges that the user is a custom user, to allocate rights to the custom user and add, according to the allocated rights, the role identifier associated with the corresponding operation command identifier to the established file; wherein the role identifiers associated with an operation command identifier are the role identifiers of all users who have the right to execute the operation command corresponding to that operation command identifier;
A role judging unit, configured to judge the type of the user before the user executes the current operation command; and, when it judges that the user is neither a custom user nor an administrator user, or after the association establishing unit has added the role identifier for the custom user, to judge, according to the user name and the file associating operation command identifiers with role identifiers, whether execution of the current operation command is allowed;
An operation command execution unit, configured to execute the current operation command when the role judging unit judges that execution of the current operation command is allowed.
(3) Beneficial effects
The above technical solution has the following advantage: by presetting the file that associates operation command identifiers with role identifiers, the present invention can quickly judge from the user name whether the user is allowed to execute the current operation command, thereby shortening the time taken to verify the user's rights before the user operates the computer.
Brief description of the drawings
Fig. 1 is a flowchart of user rights verification in the prior art;
Fig. 2 is a flowchart of the user rights verification method of the present invention;
Fig. 3 is a schematic diagram of the tree structure of operation command identifiers and role identifiers;
Fig. 4 is a block diagram of the user rights verification device of the present invention.
Detailed description of the embodiments
Specific embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following examples illustrate the present invention but do not limit its scope.
As shown in Fig. 2, the invention provides a method for verifying user rights, comprising the following steps:
S1: establishing a file that associates operation command identifiers with role identifiers, wherein the role identifiers associated with an operation command identifier are the role identifiers of all users who have the right to execute the operation command corresponding to that operation command identifier.
An operation command identifier (ID) identifies a basic operation command that a user performs on the computer, for example file operation commands such as read and write operations. In the file established in this step, the role identifiers corresponding to the operation command identifiers include the role identifiers of users other than the administrator user and custom users, such as maintenance users (users with specified rights, such as the right to execute operation commands related to maintaining the computer) and ordinary users; their rights are fixed and can be preset. This is because the administrator user has the right to execute every operation command on the computer, so the file is not needed in the following steps to judge whether the administrator user has the right to execute a given operation command; and because a custom user's rights are temporarily allocated by the administrator user, the association of the custom user's role identifier with operation command identifiers is carried out in step S2 below.
In this step, the file associating operation command identifiers with role identifiers is a file in XML format, and the data structure in which the operation command identifiers and role identifiers are stored is a tree, with operation command identifiers as parent nodes and role identifiers as child nodes. In general, one operation command identifier corresponds to several role identifiers. The structure is shown in Fig. 3, in which 1 is the parent node and 2 to 5 are child nodes. The more role identifier child nodes are associated under an operation command identifier parent node, the more roles can execute the operation command corresponding to that operation command identifier.
It should be noted that, compared with databases such as Oracle and SQL Server, the XML format is simple, easy to read and write, and highly extensible, and is therefore the preferred storage file format in the present invention.
S2: before a user executes the current operation command, first judging whether the user is a custom user, whose rights may be temporarily allocated by the administrator user; if so, allocating rights to the custom user, adding, according to the allocated rights, the role identifier associated with the corresponding operation command identifier (that is, the identifier corresponding to the rights allocated to the custom user) to the file established in step S1, and then going to step S3; otherwise, judging whether the user is an administrator user; if the user is an administrator user, the administrator user executes the current operation command and the process ends; if the user is not an administrator user, the current user can at this point be judged to be a user with fixed rights, for example a maintenance user or an ordinary user, and the method goes to step S3.
In this step, the role identifier of a custom user is two-dimensional information comprising custom user role information and user name information. This is because each custom user's rights are different, and only the role information "custom user" and the "user name" together can identify the role of a particular custom user. In addition, if the user is judged to be a custom user, then when the role identifier associated with the corresponding operation command identifier is added, the corresponding user name is also added to the user role table. The user role table stores user names and role identifier information; a role identifier can be found from a user name, and a user name can be found from a role identifier.
S3: this step performs rights verification for a custom user or for a user with fixed rights (for example a maintenance user or an ordinary user), to judge whether the current operation command may be executed by the current user, that is, whether the current user has the right to execute the current operation command. The specific steps are: looking up the role identifier in the user role table according to the user name, and looking up, in the file associating operation command identifiers with role identifiers, the operation command identifier corresponding to the current operation command; then judging whether the role identifier found according to the user name is present among all the role identifiers associated with the operation command identifier found; if so, executing the current operation command and then ending; otherwise, not allowing the current operation command to be executed.
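The S1 to S3 flow described above, as an added Python example that is not part of the patent. The XML element and attribute names, the user names and the `custom_allocations` mapping are assumptions made for illustration, and the association file is treated as trusted, administrator-maintained input; unknown users and commands absent from the file are denied.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the S1 association file. The patent fixes only the
# shape (operation command ID as parent node, role IDs as child nodes);
# the element and attribute names used here are assumptions.
ASSOCIATION_XML = """<commands>
  <command id="read"><role id="maintenance"/><role id="ordinary"/></command>
  <command id="write"><role id="maintenance"/></command>
</commands>"""

CUSTOM = "custom"  # role information shared by all custom users


class PermissionChecker:
    def __init__(self, xml_text, user_roles, admins, custom_allocations):
        self.root = ET.fromstring(xml_text)
        # User role table: user name -> role identifier. Role identifiers are
        # (role, user name) pairs; fixed roles leave the second field empty.
        self.user_roles = {u: (r, None) for u, r in user_roles.items()}
        self.admins = set(admins)
        # Rights the administrator temporarily allocates to custom users:
        # user name -> iterable of operation command IDs (assumed input form).
        self.custom_allocations = custom_allocations

    def _command_node(self, command_id):
        for node in self.root.findall("command"):
            if node.get("id") == command_id:
                return node
        return None

    @staticmethod
    def _roles_of(node):
        return {(r.get("id"), r.get("user")) for r in node.findall("role")}

    def _apply_custom_allocation(self, username):
        # S2, custom-user branch: add the two-dimensional role identifier
        # (custom role information + user name) under each allocated command
        # and record the user in the user role table. Idempotent.
        role = (CUSTOM, username)
        for command_id in self.custom_allocations[username]:
            node = self._command_node(command_id)
            if node is None:  # assumption: create the parent node if missing
                node = ET.SubElement(self.root, "command", {"id": command_id})
            if role not in self._roles_of(node):
                ET.SubElement(node, "role", {"id": CUSTOM, "user": username})
        self.user_roles[username] = role

    def is_allowed(self, username, command_id):
        # S2: custom user first, then administrator.
        if username in self.custom_allocations:
            self._apply_custom_allocation(username)
        elif username in self.admins:
            return True  # administrators may execute any command
        # S3: user name -> role identifier, command -> associated role
        # identifiers, then a membership test. Anything unknown is denied.
        role = self.user_roles.get(username)
        node = self._command_node(command_id)
        if role is None or node is None:
            return False
        return role in self._roles_of(node)


def demo_checker():
    """Build a checker over the constructed sample data above."""
    return PermissionChecker(
        ASSOCIATION_XML,
        user_roles={"mia": "maintenance", "oscar": "ordinary"},
        admins={"root"},
        custom_allocations={"carol": ["write"], "dave": ["read"]},
    )


if __name__ == "__main__":
    checker = demo_checker()
    for user, cmd in [("root", "format"), ("oscar", "write"),
                      ("carol", "write"), ("dave", "write")]:
        print(user, cmd, checker.is_allowed(user, cmd))
```

Because the custom role identifier carries the user name, the allocation made for `carol` does not extend to `dave`, which a single shared "custom" role child node would not guarantee.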
Correspondingly, as shown in Fig. 4, the invention provides a device for verifying user rights that corresponds to the above method, comprising:
An association establishing unit 410, configured to establish the file associating operation command identifiers with role identifiers and, when the role judging unit judges that the user is a custom user, to allocate rights to the custom user and add, according to the allocated rights, the role identifier associated with the corresponding operation command identifier to the established file; wherein the role identifiers associated with an operation command identifier are the role identifiers of all users who have the right to execute the operation command corresponding to that operation command identifier;
A role judging unit 420, configured to judge the type of the user before the user executes the current operation command; and, when it judges that the user is neither a custom user nor an administrator user, or after the association establishing unit 410 has added the role identifier for the custom user, to judge, according to the user name and the file associating operation command identifiers with role identifiers, whether execution of the current operation command is allowed;
An operation command execution unit 430, configured to execute the current operation command when the role judging unit 420 judges that execution of the current operation command is allowed.
The above association establishing unit, role judging unit and operation command execution unit can all be implemented in hardware. Those of ordinary skill in the art will also understand that all or part of the steps of the method of the above embodiment may be completed by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, and the storage medium may include read-only memory, random-access memory, a magnetic disk, an optical disc, and the like.
As can be seen from the above embodiments, by presetting the file that associates operation command identifiers with role identifiers, the present invention can quickly judge from the user name whether the user's current operation may be performed, which shortens the time taken to verify the user's rights before the user operates the computer, improves the efficiency of operating the computer, and improves the user's operating experience. Moreover, because the present invention only needs to maintain one user role table, it saves the overhead of creating tables as well as system resources. The present invention can be applied in a variety of system architectures and has a wide range of application; it can raise the running speed of the system when management operations are carried out, and can significantly reduce the cost of system development and implementation.
The above is only a preferred embodiment of the present invention. It should be pointed out that those of ordinary skill in the art can make a number of improvements and substitutions without departing from the technical principle of the present invention, and these improvements and substitutions should also be regarded as falling within the scope of protection of the present invention.

Claims (9)

1. A method for verifying user rights, characterized in that it comprises the following steps:
S1: establishing a file that associates operation command identifiers with role identifiers, wherein the role identifiers associated with an operation command identifier are the role identifiers of all users who have the right to execute the operation command corresponding to that operation command identifier;
S2: before a user executes the current operation command, judging whether the user is a custom user; if so, allocating rights to the custom user, adding, according to the allocated rights, the role identifier associated with the corresponding operation command identifier to the file established in step S1, and then going to step S3; otherwise, judging whether the user is an administrator user; if the user is an administrator user, the administrator user executes the current operation command and the process ends; if the user is not an administrator user, going to step S3;
S3: judging, according to the user name and the file associating operation command identifiers with role identifiers, whether execution of the current operation command is allowed; if so, executing the current operation command and then ending; otherwise, ending.
2. The method according to claim 1, characterized in that step S3 is specifically: looking up the role identifier according to the user name, and looking up, in the file associating operation command identifiers with role identifiers, the operation command identifier corresponding to the current operation command; then judging whether the role identifier found according to the user name is present among all the role identifiers associated with the operation command identifier found; if so, executing the current operation command and then ending; otherwise, not allowing the current operation command to be executed.
3. The method according to claim 1, characterized in that the file associating operation command identifiers with role identifiers has a tree structure, in which operation command identifiers are parent nodes and role identifiers are child nodes.
4. The method according to claim 3, characterized in that the file associating operation command identifiers with role identifiers is an XML file.
5. The method according to claim 1, characterized in that, in step S3, the role identifier is looked up in the user role table according to the user name.
6. The method according to claim 5, characterized in that, in step S2, if the user is judged to be a custom user, then when the role identifier associated with the corresponding operation command identifier is added, the corresponding user name is also added to the user role table.
7. The method according to claim 1, characterized in that the role identifier of the custom user is two-dimensional information comprising custom user role information and user name information.
8. The method according to any one of claims 1 to 7, characterized in that, in the file established in step S1, the role identifiers corresponding to the operation command identifiers include the role identifiers of users other than the administrator user and custom users.
9. A device for verifying user rights, characterized in that it comprises:
An association establishing unit, configured to establish a file associating operation command identifiers with role identifiers and, when the role judging unit judges that the user is a custom user, to allocate rights to the custom user and add, according to the allocated rights, the role identifier associated with the corresponding operation command identifier to the established file; wherein the role identifiers associated with an operation command identifier are the role identifiers of all users who have the right to execute the operation command corresponding to that operation command identifier;
A role judging unit, configured to judge the type of the user before the user executes the current operation command; and, when it judges that the user is neither a custom user nor an administrator user, or after the association establishing unit has added the role identifier for the custom user, to judge, according to the user name and the file associating operation command identifiers with role identifiers, whether execution of the current operation command is allowed;
An operation command execution unit, configured to execute the current operation command when the role judging unit judges that execution of the current operation command is allowed.
CN201310008019.6A 2013-01-09 2013-01-09 User right method of calibration and device Active CN103077337B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310008019.6A CN103077337B (en) 2013-01-09 2013-01-09 User right method of calibration and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310008019.6A CN103077337B (en) 2013-01-09 2013-01-09 User right method of calibration and device

Publications (2)

Publication Number Publication Date
CN103077337A true CN103077337A (en) 2013-05-01
CN103077337B CN103077337B (en) 2015-09-16

Family

ID=48153865

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310008019.6A Active CN103077337B (en) 2013-01-09 2013-01-09 User right method of calibration and device

Country Status (1)

Country Link
CN (1) CN103077337B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103684878A (en) * 2013-12-30 2014-03-26 大唐移动通信设备有限公司 Operating command parameter control method and device
CN104506630A (en) * 2014-12-25 2015-04-08 深圳市华宝电子科技有限公司 Method, server and system for generating authority data on basis of user roles

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414253A (en) * 2007-10-17 2009-04-22 华为技术有限公司 Method and system for managing authority
CN102273135A (en) * 2011-05-24 2011-12-07 华为技术有限公司 Method, device and system for processing domain user authority information
CN102571771A (en) * 2011-12-23 2012-07-11 华中科技大学 Safety authentication method of cloud storage system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103684878A (en) * 2013-12-30 2014-03-26 大唐移动通信设备有限公司 Operating command parameter control method and device
CN103684878B (en) * 2013-12-30 2017-01-25 大唐移动通信设备有限公司 Operating command parameter control method and device
CN104506630A (en) * 2014-12-25 2015-04-08 深圳市华宝电子科技有限公司 Method, server and system for generating authority data on basis of user roles
CN104506630B (en) * 2014-12-25 2019-04-16 深圳市华宝电子科技有限公司 Permissions data generation method, server and system based on user role

Also Published As

Publication number Publication date
CN103077337B (en) 2015-09-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant